US5966448A · Expired · Utility · PatentIndex 96

Cryptographic communication system

Assignee: HITACHI LTD · Priority: Aug 30, 1995 · Filed: Aug 26, 1996 · Granted: Oct 12, 1999
Est. expiry: Aug 30, 2015 (expired) · nominal 20-yr term from priority
Inventors: NAMBA HIKARI, TAKARAGI KAZUO, MIYAZAKI SATOSHI
H04L 69/08 · H04L 9/14 · G06F 21/606 · H04L 63/0464
PatentIndex Score: 96 · Cited by: 142 · References: 13 · Claims: 52

Abstract

According to a cryptographic communication system which can safely perform cipher conversion processing when cryptographic communication is performed between terminals using different cipher types, when a terminal 10A-1 connected to a LAN-A using a cryptographic algorithm C1 transmits data to a terminal 10B-1 connected to a LAN-B using a cryptographic algorithm C2, the terminal 10A-1 generates two meaningless data items from the data to be transmitted, decrypts the two generated data items according to the cryptographic algorithm C1, and then transmits the decrypted data to two cryptographic protocol conversion servers and for dividing the data into two data items. Each of the cryptographic protocol conversion servers decrypts each transmitted data item, then re-encrypts the decrypted data according to the cryptographic algorithm C2, and then transmits the data to the terminal 10B-1. The terminal 10B-1 restores original transmission data on the basis of the two data items transmitted from the respective cryptographic protocol conversion servers.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A cryptographic communication system including at least one of first type terminals using a first cipher type, at least one of second type terminals using a second cipher type different from the first cipher type, and n cryptographic protocol conversion servers (n≧2) using the first and second cipher types, said first type terminals, said second type terminals and said cryptographic protocol conversion servers being connected to one another through at least one of networks; wherein said first type terminal includes: dividing means for dividing data to be transmitted to a terminal of said second type terminals into k items of data to be distributed among k cryptographic protocol conversion servers (n≧k≧2) of said n cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of said second type terminals;   encryption means for encrypting the k items of data generated by said dividing means according to the first cipher type; and   transmitting means for adding terminal information representing each of said first type terminals and said second type terminals to each of said k items of data encrypted by said encryption means and then transmitting said k items of data encrypted to said k cryptographic protocol conversion servers respectively, via said at least one of networks;   each of said k cryptographic protocol conversion servers includes:   cipher conversion means for decrypting said one data item of data encrypted according to the first cipher type, which was transmitted from said first type terminals via said at least one of networks, and then re-encrypting the decrypted data item according to the second cipher type; and   transmitting means for transmitting the one data item re-encrypted by said cipher conversion means to said second type terminal which is indicated by the terminal information added to the data; and   said second type terminal includes:   decryption means for decrypting the k items of data 
transmitted from each of said k cryptographic protocol conversion servers according to the second cipher type; and   restoring means for restoring original data from the k items of data decrypted by said decryption means.     
     
     
       2. The cryptographic communication system as claimed in claim 1, wherein said dividing means generates k items of data having the same data amount, each of which has a smaller data amount than that of the data before the k items of data are generated. 
     
     
       3. The cryptographic communication system as claimed in claim 1, wherein said dividing means generates k items of data which will have the same data amount as original data before the k items of data are generated when an exclusive OR operation is performed on the k items of data. 
     
     
       4. The cryptographic communication system as claimed in claim 1, wherein said dividing means generates k items of data by successively allocating original data before the generation of the k items of data every fixed data amount. 
     
     
       5. The cryptographic communication system as claimed in claim 4, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       6. The cryptographic communication system as claimed in claim 1, wherein said dividing means scrambles the data before the generation of the k items of data every fixed data amount, and then generates the k items of data from the scrambled data. 
     
     
       7. The cryptographic communication system as claimed in claim 6, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       8. The cryptographic communication system as claimed in claim 1, wherein said cipher conversion means performs the decryption/re-encryption operation every fixed data amount. 
     
     
       9. A cryptographic communication system including at least one of first type terminals using a first cipher type, at least one of second type terminals using a second cipher type different from the first cipher type, and n cryptographic protocol conversion servers (n≧2) using the first and second cipher types, said first type terminals, said second type terminals and said cryptographic protocol conversion servers being connected to one another through at least one of networks; wherein said first type terminal includes: dividing means for dividing data to be transmitted to a terminal of said second type terminals into k items of data to be distributed among k cryptographic protocol conversion servers (n≧k≧2) of said n cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of said second type terminals,   encryption means for encrypting the k items of data generated by said dividing means according to the first cipher type,   transmitting means for adding terminal information representing each of said first type terminals and said second type terminals to each of said k items of data encrypted by said encryption means, and then transmitting said k items of data encrypted to said k cryptographic protocol conversion servers respectively, via said at least one of networks,   decryption means for decrypting the k items of data transmitted from each of said k cryptographic protocol conversion servers according to the first cipher type, and   restoring means for restoring original data from the k items of data decrypted by said decryption means;   said second type terminal includes:   dividing means for dividing data to be transmitted to a terminal of said first type terminals into k items of data to be shared among k cryptographic protocol conversion servers (n≧k≧2) of said n cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of said first type terminals,   encryption means 
for encrypting the k items of data generated by said sharing means according to the second cipher type,   transmitting means for adding terminal information representing each of said second type terminals and said second type terminals to each of said k items of data encrypted by said encryption means, and then transmitting said k items of data encrypted to said k cryptographic protocol conversion servers respectively, via said at least one of networks   decryption means for decrypting the k items of data transmitted from each of said k cryptographic protocol conversion servers according to the second cipher type, and   restoring means for restoring original data from the k items of data decrypted by said decryption means; and   each of the n cryptographic protocol conversion servers includes:   cipher conversion means for decrypting one data item transmitted from any one of said first type terminals and said second type terminals according to the cipher type of the first and second cipher types which is used by a transmission terminal indicated by the terminal information added to the data, and then re-encrypting the data according to the cipher type of the first and second cipher types which is used by a reception terminal indicated by the terminal information added to the data, and   transmitting means for transmitting one data item re-encrypted by said cipher conversion means to the reception terminal indicated by the terminal information added to the data.     
     
     
       10. The cryptographic communication system as claimed in claim 9, wherein said dividing means generates k items of data having the same data amount, each of which has a smaller data amount than that of the data before the k items of data are generated. 
     
     
       11. The cryptographic communication system as claimed in claim 9, wherein said dividing means generates k items of data which will have the same data amount as original data before the k items of data are generated when an exclusive OR operation is performed on the k items of data. 
     
     
       12. The cryptographic communication system as claimed in claim 9, wherein said dividing means generates k items of data by successively allocating original data before the generation of the k items of data every fixed data amount. 
     
     
       13. The cryptographic communication system as claimed in claim 12, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       14. The cryptographic communication system as claimed in claim 9, wherein said dividing means scrambles the data before the generation of the k items of data every fixed data amount, and then generates the k items of data from the scrambled data. 
     
     
       15. The cryptographic communication system as claimed in claim 14, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       16. The cryptographic communication system as claimed in claim 9, wherein said cipher conversion means performs the decryption/re-encryption operation every fixed data amount. 
     
     
       17. A cryptographic communication system including at least one of first type terminals using a first cipher type, at least one of second type terminals using a second cipher type different from the first cipher type, n first type cryptographic protocol conversion servers (n≧2) using a third cipher type which is different from the first and second cipher types, and n second type cryptographic protocol conversion servers (n≧2) which use the second and third cipher types and each of which beforehand corresponds to each of the n first type cryptographic protocol servers, said first and second type terminals and said first and second type cryptographic protocol conversion servers being connected to one another through at least one of networks; wherein each of said first type terminals includes: dividing means for dividing data to be transmitted into k items of data to be distributed among any of k independent cryptographic protocol conversion servers (n≧k≧2) of the n first type cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of the second type terminals,   encryption means for encrypting the k items of data generated by said dividing means according to the first cipher type,   transmitting means for adding terminal information representing a transmission terminal and a reception terminal to the k items of data encrypted by said encryption means, and then transmitting said k items of data encrypted to the k first type cryptographic protocol conversion servers,   decryption means for decrypting the k items of data transmitted from each of said k first type cryptographic protocol conversion servers according to the first cipher type, and   restoring means for restoring original data from the k items of data decrypted by said decryption means;     each of said second type terminals includes: dividing means for dividing data to be transmitted into k items of data to be distributed among any of k independent 
cryptographic protocol conversion servers (n≧k≧2) of said n second type cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of said first type terminals,   encryption means for encrypting the k items of data generated by said dividing means according to said second cipher type,   transmitting means for adding terminal information representing a transmission terminal and a reception terminal to the k items of data encrypted by said encryption means, and then transmitting said k items of data encrypted to said k second type cryptographic protocol conversion servers,   decryption means for decrypting the k items of data transmitted from each of said k second type cryptographic protocol conversion servers according to the second cipher type, and   restoring means for restoring original data from the k items of data decrypted by the decryption means;     each of said n first type cryptographic protocol conversion servers includes: cipher conversion means for decrypting one data item transmitted from any one of said first type terminals according to the first cipher type and then re-encrypting the data according to the third cipher type and for decrypting one data item transmitted. 
from a corresponding one cryptographic protocol conversion server of said n second type cryptographic protocol conversion servers according to the third cipher type and then re-encrypting the data according to the first cipher type, and   transmitting means for transmitting one data item re-encrypted according to the third cipher type by said cipher conversion means to a corresponding one cryptographic protocol conversion server of said n second type cryptographic protocol conversion servers and for transmitting one data item re-encrypted according to the first cipher type by said cipher conversion means to a reception terminal indicated by the terminal information added to the data; and     each of said n second type cryptographic protocol conversion servers includes: cipher conversion means for decrypting one data item transmitted from any one of the second type terminals according to the second cipher type and then re-encrypting the data according to the third cipher type and for decrypting one data item transmitted from a corresponding one cryptographic protocol conversion server of said n first type cryptographic protocol conversion servers according to the third cipher type and then re-encrypting the data according to the second cipher type, and   transmitting means for transmitting one data item re-encrypted according to the third cipher type by said cipher conversion means to corresponding one cryptographic protocol conversion server of said n first type cryptographic protocol conversion servers and for transmitting one data item re-encrypted according to the second cipher type by said cipher conversion means to a reception terminal indicated by the terminal information added to the data.     
     
     
       18. The cryptographic communication system as claimed in claim 17, wherein said dividing means generates k items of data having the same data amount, each of which has a smaller data amount than that of the data before the k items of data are generated. 
     
     
       19. The cryptographic communication system as claimed in claim 17, wherein said dividing means generates k items of data which will have the same data amount as original data before the k items of data are generated when an exclusive OR operation is performed on the k items of data. 
     
     
       20. The cryptographic communication system as claimed in claim 17, wherein said dividing means generates k items of data by successively allocating original data before the generation of the k items of data every fixed data amount. 
     
     
       21. The cryptographic communication system as claimed in claim 20, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       22. The cryptographic communication system as claimed in claim 17, wherein said dividing means scrambles the data before the generation of the k items of data every fixed data amount, and then generates the k items of data from the scrambled data. 
     
     
       23. The cryptographic communication system as claimed in claim 22, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       24. The cryptographic communication system as claimed in claim 17, wherein said cipher conversion means performs the decryption/re-encryption operation every fixed data amount. 
     
     
       25. An information processing device for use in a cryptographic communication system including at least one of first type terminals using a first cipher type, at least one of second type terminals using a second cipher type different from the first cipher type, and n cryptographic protocol conversion servers (n≧2) each of which uses the first cipher type and the second cipher type and converts data encrypted according to one cipher type to data encrypted according to the other cipher type, said first type terminals, said second type terminals and said third type terminals being connected to one another through at least one of networks, said information processing device being used as each of said first type terminals, characterized by comprising: dividing means for dividing data to be transmitted into k items of data to be distributed among any of k independent cryptographic protocol conversion servers (n≧k≧2) of said n cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of said second type terminals;   encryption means for encrypting the k items of data generated by said dividing means according to the first cipher type;   transmitting means for adding terminal information representing a transmission terminal and a reception terminal to the k items of data. encrypted by said encryption means, and then transmitting said k items of data encrypted to said k cryptographic protocol conversion servers;   decryption means for decrypting the k items of data transmitted from each of said k cryptographic protocol conversion servers according to the first cipher type; and   restoring means for restoring original data from the k items of data decrypted by said decryption means.   
     
     
       26. The information processing device as claimed in claim 25, wherein said dividing means generates k items of data which will be the same data before the generation of the k items of data through an exclusive OR operation. 
     
     
       27. A cryptographic communication method for use in a cryptographic communication system including at least one of first type terminals using a first cipher type, at least one of second type terminals using a second cipher type different from the first cipher type, and n cryptographic protocol conversion servers (n≧2) using the first and second cipher types, said first type terminals, said second type terminals and said cryptographic protocol conversion servers being connected to one another through at least one of networks, said cryptographic communication method performing cryptographic communication between the first type terminals and the second type terminals, characterized in that: each of said first type terminals divides data to be transmitted to a terminal of said second type terminals into k items of data to be distributed to k cryptographic protocol conversion servers (n≧k≧2) of said n cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of the second type terminals, encrypts the divided k items of data according to the first cipher type, and adds terminal information representing a transmission terminal and a reception terminal to the encrypted k items of data to transmit the data to the k cryptographic protocol conversion servers;   each of the n cryptographic protocol conversion servers decrypts one data item transmitted from any terminal of the first type terminals according to the first cipher type, re-encrypts the decrypted data according to the second cipher type, and transmits the re-encrypted one data item to a reception terminal which is indicated by the terminal information added to the data; and   each of the second type terminals decrypts the k items of data transmitted from each of the k cryptographic protocol conversion servers according to the second cipher type, and restores original data from the decrypted k items of data.   
     
     
       28. The cryptographic communication method as claimed in claim 27, wherein the generated k items of data have the same data amount, and each of the k items of data has a smaller data amount than that of the data before the k items of data are generated. 
     
     
       29. The cryptographic communication method as claimed in claim 27, wherein the k items of data will have the same data amount as original data before the k items of data are generated when an exclusive OR operation is performed on the k items of data. 
     
     
       30. The cryptographic communication method as claimed in claim 27, wherein the k items of data are generated by successively allocating original data before the generation of the k items of data every fixed data amount. 
     
     
       31. The cryptographic communication method as claimed in claim 30, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       32. The cryptographic communication method as claimed in claim 27, wherein the data before the generation of the k items of data are scrambled every fixed data amount, and then the k items of data are generated from the scrambled data. 
     
     
       33. The cryptographic communication method as claimed in claim 32, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       34. The cryptographic communication system as claimed in claim 27, wherein the decryption/re-encryption operation is performed every fixed data amount. 
     
     
       35. A cryptographic communication method for use in a cryptographic communication system including at least one of first type terminals using a first cipher type, at least one of second type terminals using a second cipher type different from the first cipher type, and n cryptographic protocol conversion servers (n≧2) using the first and second cipher types, the first type terminals, the second type terminals and the cryptographic protocol conversion servers being connected to one another through at least one of networks, said cryptographic communication method performing cryptographic communication between the first type terminals and the second type terminals, characterized in that: each of the first type terminals divides data to be transmitted into k items of data to be distributed among k cryptographic protocol conversion servers (n≧k≧2) of the n cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of the second type terminals, encrypts the divided k items of data according to the first cipher type, and then adds terminal information representing a transmission terminal and a reception terminal to the encrypted k items of data to transmit the data to the k cryptographic protocol conversion servers, and also decrypts the k items of data transmitted from each of the k cryptographic protocol conversion servers according to the first cipher type, and then restores original data from the decrypted k items of data;   each of the second type terminals divides data to be transmitted into k items of data to be distributed among k cryptographic protocol conversion servers (n≧k≧2) of the n cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of the first type terminals, encrypts the divided k items of data according to the second cipher type, adds terminal information representing a transmission terminal and a reception terminal to the encrypted k items of data to transmit 
the data to the k cryptographic protocol conversion servers, decrypts the k items of data transmitted from each of the k cryptographic protocol conversion servers, according to the second cipher type, and restore original data from the k items of data decrypted by said decryption means; and   each of the n cryptographic protocol conversion servers decrypts one data item transmitted from any one of the first type terminals and the second type terminals according to the cipher type of the first and second cipher types which is used by a transmission terminal indicated by the terminal information added to the data, then re-encrypts the data according to the cipher type of the first and second cipher types which is used by a reception terminal indicated by the terminal information added to the data, and transmits the re-encrypted one data item to the reception terminal indicated by the terminal information added to the data.   
     
     
       36. The cryptographic communication method as claimed in claim 35, wherein the generated k items of data have the same data amount, and each of the k items of data has a smaller data amount than that of the data before the k items of data are generated. 
     
     
       37. The cryptographic communication method as claimed in claim 35, wherein the k items of data will have the same data amount as original data before the k items of data are generated when an exclusive OR operation is performed on the k items of data. 
     
     
       38. The cryptographic communication method as claimed in claim 35, wherein the k items of data are generated by successively allocating original data before the generation of the k items of data every fixed data amount. 
     
     
       39. The cryptographic communication method as claimed in claim 38, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       40. The cryptographic communication method as claimed in claim 35, wherein the data before the generation of the k items of data are scrambled every fixed data amount, and then the k items of data are generated from the scrambled data. 
     
     
       41. The cryptographic communication method as claimed in claim 40, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       42. The cryptographic communication system as claimed in claim 35, wherein the decryption/re-encryption operation is performed every fixed data amount. 
     
     
       43. A cryptographic communication method for use in a cryptographic communication system including at least one of first type terminals using a first cipher type, at least one of second type terminals using a second cipher type different from the first cipher type, n first type cryptographic protocol conversion servers (n≧2) using a third cipher type which is different from the first and second cipher types, and n second type cryptographic protocol conversion servers (n≧2) which use the second and third cipher types and each of which beforehand corresponds to each of the n first type cryptographic protocol servers, the first and second type terminals and the first and second type cryptographic protocol conversion servers being connected to one another through at least one of networks, said cryptographic communication method performing cryptographic communication between the first type terminals and the second type terminals, characterized in that: each of the first type terminals divides data to be transmitted into k items of data to be distributed among k cryptographic protocol conversion servers (n≧k≧2) of the n first type cryptographic protocol conversion servers on the basis of the data to be transmitted to a terminal of the second type terminals, encrypts the divided k items of data according to the first cipher type, adds terminal information representing a transmission terminal and a reception terminal to the encrypted k items of data to transmit the data to the k first type cryptographic protocol conversion servers, decrypts the k items of data transmitted from each of the k first type cryptographic protocol conversion servers according to the first cipher type, and restores original data from the decrypted k items of data;   each of the second type terminals divides data to be transmitted into k items of data to be distributed among k cryptographic protocol conversion servers (n≧k≧2) of the n second type cryptographic protocol conversion servers on 
the basis of the data to be transmitted to a terminal of the first type terminals, encrypts the divided k items of data according to the second cipher type, adds terminal information representing a transmission terminal and a reception terminal to the encrypted k items of data to transmit the data to the k second type cryptographic protocol conversion servers, decrypts the k items of data transmitted from each of the k second type cryptographic protocol conversion servers according to the second cipher type, and restores original data from the decrypted k items of data;   each of the n first type cryptographic protocol conversion servers decrypts one data item transmitted from any one of the first type terminals according to the first cipher type and then re-encrypts the data according to the third cipher type and for decrypting one data item transmitted from corresponding one cryptographic protocol conversion server of the n second type cryptographic protocol conversion servers according to the third cipher type and then re-encrypting the data according to the first cipher type, and transmits one data item re-encrypted according to the third cipher type to corresponding one cryptographic protocol conversion server of the n second type cryptographic protocol conversion servers and for transmitting one data item re-encrypted according to the first cipher type to a reception terminal indicated by the terminal information added to the data; and each of the n second type cryptographic protocol conversion servers decrypts one data item transmitted from any one of the second type terminals according to the second cipher type and then re-encrypts the data according to the third cipher type and for decrypting one data item transmitted from corresponding one cryptographic protocol conversion server of the n first type cryptographic protocol conversion servers according to the third cipher type and then re-encrypting the data according to the second cipher type, and 
transmits one data item re-encrypted according to the third cipher type to corresponding one cryptographic protocol conversion server of the n first type cryptographic protocol conversion servers and for transmitting one data item re-encrypted according to the second cipher type to a reception terminal indicated by the terminal information added to the data.   
     
     
       44. The cryptographic communication method as claimed in claim 43, wherein the generated k items of data have the same data amount, and each of the k items of data has a smaller data amount than that of the data before the k items of data are generated. 
     
     
       45. The cryptographic communication method as claimed in claim 43, wherein the k items of data will have the same data amount as original data before the k items of data are generated when an exclusive OR operation is performed on the k items of data. 
     
     
       46. The cryptographic communication method as claimed in claim 43, wherein the k items of data are generated by successively allocating original data before the generation of the k items of data every fixed data amount. 
     
     
       47. The cryptographic communication method as claimed in claim 46, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       48. The cryptographic communication method as claimed in claim 43, wherein the data before the generation of the k items of data are scrambled every fixed data amount, and then the k items of data are generated from the scrambled data. 
     
     
       49. The cryptographic communication method as claimed in claim 48, wherein when the data before the generation of the k items of data represent a character array, the fixed data amount is smaller than the data amount of one character. 
     
     
       50. The cryptographic communication system as claimed in claim 43, wherein the decryption/re-encryption operation is performed every fixed data amount. 
     
     
       51. An information processing method for a cryptographic communication system including at least one of first type terminals using a first cipher type, at least one of second type terminals using a second cipher type different from the first cipher type, and n cryptographic protocol conversion servers (n≧2) using the first and second cipher types, said first type terminals, said second type terminals and said cryptographic protocol conversion servers being connected to one another through at least one of networks, said cryptographic communication method performing cryptographic communication between the first type terminals and the second type terminals, characterized in that: k items of data to be distributed among k cryptographic protocol conversion servers (n≧k≧2) of the n cryptographic protocol conversion servers are divided on the basis of the data to be transmitted to a terminal of the second type terminals, the divided k items of data are encrypted according to the first cipher type, terminal information representing a transmission terminal and a reception terminal is added to the encrypted k items of data to transmit the data to the k cryptographic protocol conversion servers, k items of data transmitted from the k cryptographic protocol conversion servers are decrypted according to the first cipher type, and then original data are restored from the decrypted k items of data.   
     
     
       52. The information processing method as claimed in claim 51, wherein the generated k items of data will be the same as the data before the generation thereof by performing an exclusive OR operation.
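
The divide, convert and restore flow of claims 1, 3 and 4, as an added simulation that is not code from the patent: it compares what one conversion server holds in cleartext under exclusive-OR division with what it holds under round-robin allocation at byte granularity. `StreamCipher` is a stand-in for the unnamed cipher types C1 and C2, and the per-server keys and all class and function names are assumptions.

```python
import hmac
import secrets

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_xor(data, k):
    """Claim 3 style: k items, each as long as data, whose XOR is data."""
    if k < 2:
        raise ValueError("k must be at least 2")
    items = [secrets.token_bytes(len(data)) for _ in range(k - 1)]
    last = data
    for item in items:
        last = xor_bytes(last, item)
    return items + [last]

def restore_xor(items):
    if len({len(i) for i in items}) != 1:
        raise ValueError("items must all have the same length")
    out = bytes(len(items[0]))
    for item in items:
        out = xor_bytes(out, item)
    return out

def split_interleave(data, k, chunk=1):
    """Claim 4 style: hand out successive fixed-size chunks round-robin."""
    items = [bytearray() for _ in range(k)]
    for n, pos in enumerate(range(0, len(data), chunk)):
        items[n % k] += data[pos:pos + chunk]
    return [bytes(i) for i in items]

def restore_interleave(items, chunk=1):
    out, offsets, n = bytearray(), [0] * len(items), 0
    total = sum(len(i) for i in items)
    while len(out) < total:
        j = n % len(items)
        out += items[j][offsets[j]:offsets[j] + chunk]
        offsets[j] += chunk
        n += 1
    return bytes(out)

class StreamCipher:
    """Stand-in for a cipher type: HMAC-derived keystream XOR, no integrity."""
    def __init__(self, digest):
        self.digest = digest

    def _keystream(self, key, nonce, n):
        out, ctr = b"", 0
        while len(out) < n:
            out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), self.digest).digest()
            ctr += 1
        return out[:n]

    def encrypt(self, key, plaintext):
        nonce = secrets.token_bytes(16)
        return nonce + xor_bytes(plaintext, self._keystream(key, nonce, len(plaintext)))

    def decrypt(self, key, blob):
        nonce, body = blob[:16], blob[16:]
        return xor_bytes(body, self._keystream(key, nonce, len(body)))

C1 = StreamCipher("sha256")  # stand-in for cryptographic algorithm C1 (LAN-A)
C2 = StreamCipher("sha512")  # stand-in for cryptographic algorithm C2 (LAN-B)

class ConversionServer:
    """Decrypts one item under C1 and re-encrypts it under C2."""
    def __init__(self):
        # Assumption: one key shared with the sender, one with the receiver.
        self.key_c1 = secrets.token_bytes(32)
        self.key_c2 = secrets.token_bytes(32)
        self.seen = []  # cleartext items exposed inside this server

    def convert(self, packet):
        src, dst, blob = packet
        item = C1.decrypt(self.key_c1, blob)
        self.seen.append(item)
        return (src, dst, C2.encrypt(self.key_c2, item))

def transmit(message, servers, split=split_xor):
    """Terminal 10A-1 -> k servers -> terminal 10B-1; returns decrypted items."""
    items = split(message, len(servers))
    packets = [("10A-1", "10B-1", C1.encrypt(s.key_c1, item))
               for s, item in zip(servers, items)]
    converted = [s.convert(p) for s, p in zip(servers, packets)]
    return [C2.decrypt(s.key_c2, blob)
            for s, (_src, _dst, blob) in zip(servers, converted)]

def run_demo(message=b"PAY 500 TO ACCT 1234", k=3):
    """Constructed sample message; returns restored data and each server's view."""
    xor_servers = [ConversionServer() for _ in range(k)]
    restored = restore_xor(transmit(message, xor_servers))
    il_servers = [ConversionServer() for _ in range(k)]
    il_restored = restore_interleave(transmit(message, il_servers, split_interleave))
    return {
        "restored": restored, "interleave_restored": il_restored,
        "xor_views": [s.seen[0] for s in xor_servers],
        "interleave_views": [s.seen[0] for s in il_servers],
    }

if __name__ == "__main__":
    print(run_demo())
```

Under exclusive-OR division each server's cleartext view is an individually uniform random string of the message length; under byte-sized round-robin allocation each view is made of literal plaintext bytes, the case that claim 5 narrows by requiring a fixed data amount smaller than one character.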

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.